The BlackBerry saga

India’s pushback on the BlackBerry issue, along with U.A.E. and Saudi Arabia’s stance is challenging fundamental perceptions of electronic security and global commerce. India and the Gulf countries, contend, and not without justification that they require the ability to intercept encrypted electronic communication in the interest of national security.

India’s history as perhaps the nation most victimized by terrorism has necessitated such a stance. The Indian government has let it be known that it will ban BlackBerry devices in the absence of such an ability (the U.A.E. expects to enforce its ban beginning October 11, if no agreement is reached). At the core of this security dilemma is the uniqueness of RIM’s BlackBerry architecture, where its encrypted emails are stored in server farms in Canada.

There are two aspects to any government’s legitimate need to access encrypted emails — surveillance under warrant, and post-incident forensics. As far as surveillance is concerned, governments should be able to intercept and read communication that they legitimately feel threaten the integrity of the nation and the safety of its citizens. From a post-incident forensics standpoint, physical access to the servers that contain encrypted email will allow the state to control variables, establish a chain of custody and bring about successful prosecutions.

In the U.S., the National Security Agency (NSA) has the ability to “snoop” electronic communication under court order. During the George W Bush Administration, the NSA had the ability to intercept electronic communication without a court order in the days immediately following 9/11 (many suspect that this is an ability that the NSA retains).

India has asked to be given the ability to decrypt BlackBerry emails, if it feels they threaten its national security. RIM has denied the request, stating that there are no master keys to decrypt BlackBerry emails. There are two obvious fallacies with regard to this assertion. One, knowing U.S.’s preoccupation with security, it would have been impossible for RIM (a foreign company, for all intents and purposes) to operate commercially in the U.S., were this true. Two, news reports indicating that the U.S. is in negotiations with India on resolving the issue makes me question why the U.S. would want to insert itself into what should rightly be negotiations between India and RIM (or Canada).

It is the legitimate right of any democratic government to intercept communication that threatens its national security, or to secure and use as evidence any information used to undermine it. Any talk of a settlement whereby a third party or government (such as the U.S.) decrypts BlackBerry emails for India, upon request is unwelcome. For one, it should be fundamentally unacceptable to GoI to allow custody of its citizens’ secure communication to a third country.

The government of India should therefore accept nothing short of access to RIM’s decryption keys and a server farm physically located in India. Anything short of this will likely be a compromise of national security. If RIM chooses to be unyielding, it is entirely their loss. This blogger can think of a million reasons why they will be compelled to reconsider their stance.

There are many imponderables — from what is being encrypted (the communication channel, the email itself, or both) and the strength of the encryption. BlackBerries are just the tip of the iceberg. VoIP services such as Skype, etc. pose considerable challenges to national security. Governments the world over need to evolve consensus on how to handle them. There are no easy answers, unfortunately.

USA’s interest in resolving the issue between India & Canada could have something to do with the fact that most of the large number of American businessmen and diplomats who visit India on a regular basis also happen to be Blackberry users – a very convenient tool to have at hand people who got to be in the loop at all time.